On 08/16/2011 04:40 PM, Rich Megginson wrote:
On 08/16/2011 03:33 PM, Anthony Messina wrote:
> On 08/16/2011 03:25 PM, Rich Megginson wrote:
>>> I havent filed a bug yet as I am working on a virtual environment to
>>> test, which I'm sure you'll want me to, in order to be able to
>>> the issue ;)
>> Indeed, yes, please let us know asap.
> Sure. If you know the settings I need to enable to increase logging, as
> well as what you would need for this type of problem, etc., please let
> me know as this will greatly speed up my ability to provide useful
> information. -A
If it is aci related, there are two:
128 Access control list processing (very detailed!)
262144 ACI summary information
probably the latter for starters. Otherwise, just a way to reproduce
the problem in a few steps. If you do get the server to hang, follow
the steps at
that, instead of a core file, pass in the process id of the running slapd.
I've tried to reproduce this issue in a virtual host and I can reproduce
it, when logging error logging is basically off. Using either 128 or
262144 slows things down, but I don't get the server hang.
Steps to reproduce:
1) Install 389-ds-base and admin-serv with setup-ds-admin.pl, option 2.
2) Remove the "Allow anonymous access" ACI from the root entry
3) Starting doing some searches.
Wait for the server to stop accepting requests. Again, with
nsslapd-errorlog-level set to > 0, I cannot reproduce the problem.
Does anyone else remove the "Allow anonymous" ACI from the root entry?
My goal is to only allow anonymous access to hosts from inside the LAN
using dns= or ip= entries.
Anthony - http://messinet.com
8F89 5E72 8DF0 BCF0 10BE 9967 92DC 35DC B001 4A4E